Summary: WaterISAC is thrilled to share that our recent virtual conference, H2OSecCon, was a tremendous success. The event brought together a vibrant community of thought leaders, professionals, and change-makers from across the sector. The variety of speakers delivered powerful insights, innovative ideas and actionable takeaways.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
UPDATE - December 2024
On December 18, 2024, WaterISAC unveiled the fourth and final set of three of its newly updated 12 Cybersecurity Fundamentals for Water and Wastewater Utilities to members during this month's Cyber Resilience Briefing. As part of a concerted effort to provide the water and wastewater systems sector with the most up-to-date guidance, WaterISAC is excited to officially bring this refresh together in it's entirety.
Summary: On Tuesday, Ivanti and Fortinet both released security advisories for critical zero day vulnerabilities affecting a range of products and urged customers to apply fixes as soon as possible.
Summary: A recently disclosed zero day vulnerability in SAP NetWeaver is being actively exploited by multiple Chinese nation-state threat actors, specifically UNC5521, UNC5174, and CL-STA-0048 to target critical infrastructure networks.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On May 8, 2025, CISA Released Five Industrial Control Systems Advisories for products used across multiple sectors. Please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Summary: This week, CISA, the FBI, EPA, and the Department of Energy (DOE) published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will strengthen their cybersecurity. The authoring organizations urge critical infrastructure entities to review this fact sheet and act now to improve their cybersecurity posture against active cyber threat activities specifically and intentionally targeting internet connected OT and ICS.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
